From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 70113 invoked by alias); 6 Sep 2015 21:50:13 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 70100 invoked by uid 89); 6 Sep 2015 21:50:12 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: Yes, score=6.3 required=5.0 tests=AWL,BAYES_80,FREEMAIL_FROM,KAM_THEBAT,RCVD_IN_JMF_BL,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtp.ht-systems.ru Received: from smtp.ht-systems.ru (HELO smtp.ht-systems.ru) (78.110.50.177) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Sun, 06 Sep 2015 21:50:10 +0000 Received: from [95.165.144.62] (helo=darkdragon.lan) by smtp.ht-systems.ru with esmtpa (Exim 4.80.1) (envelope-from ) (Authenticated sender: postmaster@rootdir.org) id 1ZYhp6-00082K-J2 ; Mon, 07 Sep 2015 00:50:04 +0300 Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Sun, 06 Sep 2015 21:40:05 -0000 Date: Sun, 06 Sep 2015 21:50:00 -0000 From: Andrey Repin Reply-To: cygwin@cygwin.com Message-ID: <741476330.20150907004005@yandex.ru> To: Zdzislaw Meglicki , cygwin@cygwin.com Subject: Re: Sshd behaving strangely... In-Reply-To: <1536135967.1623711.1441554363665.JavaMail.yahoo@mail.yahoo.com> References: <1536135967.1623711.1441554363665.JavaMail.yahoo@mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-09/txt/msg00100.txt.bz2 Greetings, Zdzislaw Meglicki! Please teach your mail agent to not break threading. Thank you in advance. >> OpenSSH 7.0 (and thus the current 7.1) deprecated a couple >> of old and insecure ciphers. Probably that's the reason. > Well, what I mean is that it is strange that sshd-7.1p1-1 accepts > a connection from ssh-3.9p1, upon announcing that the "key type ssh-dss > [is] not in PubkeyAcceptedKeyTypes," and lets the user in having accepted > the password, Likely explanation is that you've tried to connect using private DSA key, which server rejected and subsequently asked for a password. > yet rejects connection from ssh-6.8p1-1 not even allowing > for the presentation of a password, and claims that "seteuid operation > [is] not permitted." This is a different issue, judging from the error message. Without more data from both sides it is impossible to tell for certain, whats going on. A verbose log of the same connection from both server and client may help. > Why was the operation permitted when the key was not in > PubkeyAcceptedKeyTypes? > This seems to me to be a security bug. More like you are not telling us a whole story. > And I still wonder how to configure sshd to allow normal connections > with accepted key types, any documentation out there that would help? Sorry, what? It do work like that out of the box. -- With best regards, Andrey Repin Monday, September 7, 2015 00:33:31 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple